<?php
require 'db.php'; // 包含数据库连接
require 'vendor/autoload.php'; // 引入 Composer 自动加载器
include_once 'secret/jwt.php';

use Firebase\JWT\JWT;
use Firebase\JWT\Key;

if (!isset($_COOKIE['token'])) {
    header('Location: index.php');
    exit();
}

$jwt = $_COOKIE['token'];

try {
    $decoded = JWT::decode($jwt, new Key($secretKey, 'HS256'));
    $username = $decoded->data->username;
    $role = $decoded->data->role;
} catch (Exception $e) {
    echo json_encode([
        'error' => '访问被拒绝: ' . $e->getMessage()
    ]);
    exit();
}

if($role!=="admin"){
    header('Location: profile.html');
    exit();
}

// 检查是否提供了文章ID
if (!isset($_GET['id'])) {
    echo "文章ID未提供";
    exit();
}

$article_id = $_GET['id'];

// 获取指定ID的文章
$stmt = $conn->prepare("SELECT title, content, author_name, created_at FROM articles WHERE id = ?");
$stmt->bind_param("i", $article_id);
$stmt->execute();
$stmt->bind_result($title, $content, $author, $created_at);
$stmt->fetch();
$stmt->close();
?>

<!DOCTYPE html>
<html>
<head>
    <title><?php echo htmlspecialchars($title); ?></title>
</head>
<body>
    <h2><?php echo htmlspecialchars($title); ?></h2>
    <p>作者: <?php echo htmlspecialchars($author); ?> | 发布时间: <?php echo $created_at; ?></p>
    <p><?php echo nl2br(htmlspecialchars($content)); ?></p>
    <form action="approve_article.php" method="post">
        <input type="hidden" name="id" value="<?php echo $article_id; ?>">
        <button type="submit" name="action" value="approve">批准</button>
        <button type="submit" name="action" value="reject">拒绝</button>
    </form>
    <p><a href="admin_review.php">返回审核列表</a></p>
</body>
</html>

<?php
$conn->close();
?>
